From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2C334C77B6F for ; Sun, 19 Mar 2023 00:16:09 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 41E02280002; Sat, 18 Mar 2023 20:16:04 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 3A571280001; Sat, 18 Mar 2023 20:16:04 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 10EC5280002; Sat, 18 Mar 2023 20:16:04 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id E7D2B280001 for ; Sat, 18 Mar 2023 20:16:03 -0400 (EDT) Received: from smtpin09.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay10.hostedemail.com (Postfix) with ESMTP id C580BC0CFF for ; Sun, 19 Mar 2023 00:16:03 +0000 (UTC) X-FDA: 80583730206.09.34067E9 Received: from mga14.intel.com (mga14.intel.com [192.55.52.115]) by imf05.hostedemail.com (Postfix) with ESMTP id BE7A0100007 for ; Sun, 19 Mar 2023 00:16:01 +0000 (UTC) Authentication-Results: imf05.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=KBwzjQ6a; spf=pass (imf05.hostedemail.com: domain of rick.p.edgecombe@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1679184962; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references:dkim-signature; bh=EAELIjQ8DyrYHPzfrIMRE/EUjFCHmLFlbgspe709h8s=; b=AA9egMDL0kF04kI8eD0dYlV7AGVMBVPHe7ioJrqy/ZlFAxo+3a56+RSWllYFnKQ1yi7X9Y k9sSWYYgBilB0Gz1uQcW0fY7orzhEbulMqv2plGuxiXpLrSGYAeDFPJzR2WYwE8rYIlAhe VV9wWhWBQyBeqTyh/k+gQpnoNqh+yak= ARC-Authentication-Results: i=1; imf05.hostedemail.com; dkim=pass header.d=intel.com header.s=Intel header.b=KBwzjQ6a; spf=pass (imf05.hostedemail.com: domain of rick.p.edgecombe@intel.com designates 192.55.52.115 as permitted sender) smtp.mailfrom=rick.p.edgecombe@intel.com; dmarc=pass (policy=none) header.from=intel.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1679184962; a=rsa-sha256; cv=none; b=mJCyuB5htsDy7h+XS+0zMwUeNRYmEnvJE+uIZG8ZspmzbigdXTYaiupbwVAf8vDgBFsOfG jafjSKHKi0AofphLLEm+wPxVHHYEysgRANQNqBKvs/XovRJMLFdI+vI+/n1pvp0WYKGzWz nEMkwoCMMkejFh8BpQp+O01UTkLJxf4= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1679184961; x=1710720961; h=from:to:cc:subject:date:message-id:in-reply-to: references; bh=K4Y6KAE5IrGSFrjM9/a33nZFp30wbA4tT+ZAd3T/ndY=; b=KBwzjQ6a3mPMkIVALWYxlHJngm8nfIVax0VxeuJhq/rczMOJeTWMAJjS njSZXak8Nwus4OtCoIBLdl3X5PkaSaVqMpa2qAarE1dY+YlKb9uEGwKIX w0uHymqErEcIU1YL7iLwQWDydGEZSWpH3SnyVCyoVURAvFWLUkhUUBZ+R a6Zd1WOW9CIp0bPQXcLJ9+SjNDjn4+5CyRuWA5bH+T1xeH35Qzye7cDCx pKVOrt53C4CQ+6YRnqswghHxGcez27xyiUnvpgJaTO4SuUpoEip5QfHUT 3/jLiIuXy1+00E4HRRIfwoZIi+s17YBz1Zm40gQrjENpR5NuX5EFhijzh A==; X-IronPort-AV: E=McAfee;i="6600,9927,10653"; a="338490814" X-IronPort-AV: E=Sophos;i="5.98,272,1673942400"; d="scan'208";a="338490814" Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by fmsmga103.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Mar 2023 17:16:00 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=McAfee;i="6600,9927,10653"; a="749672779" X-IronPort-AV: E=Sophos;i="5.98,272,1673942400"; d="scan'208";a="749672779" Received: from bmahatwo-mobl1.gar.corp.intel.com (HELO rpedgeco-desk.amr.corp.intel.com) ([10.135.34.5]) by fmsmga004-auth.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Mar 2023 17:15:59 -0700 From: Rick Edgecombe To: x86@kernel.org, "H . Peter Anvin" , Thomas Gleixner , Ingo Molnar , linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann , Andy Lutomirski , Balbir Singh , Borislav Petkov , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , "H . J . Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , Weijiang Yang , "Kirill A . Shutemov" , John Allen , kcc@google.com, eranian@google.com, rppt@kernel.org, jamorris@linux.microsoft.com, dethoma@microsoft.com, akpm@linux-foundation.org, Andrew.Cooper3@citrix.com, christina.schimpe@intel.com, david@redhat.com, debug@rivosinc.com, szabolcs.nagy@arm.com Cc: rick.p.edgecombe@intel.com, Yu-cheng Yu Subject: [PATCH v8 04/40] x86/cpufeatures: Enable CET CR4 bit for shadow stack Date: Sat, 18 Mar 2023 17:14:59 -0700 Message-Id: <20230319001535.23210-5-rick.p.edgecombe@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20230319001535.23210-1-rick.p.edgecombe@intel.com> References: <20230319001535.23210-1-rick.p.edgecombe@intel.com> X-Rspamd-Server: rspam05 X-Rspamd-Queue-Id: BE7A0100007 X-Stat-Signature: demwz4dwnmrutqumhb5q96ogpm47jruf X-Rspam-User: X-HE-Tag: 1679184961-618381 X-HE-Meta: U2FsdGVkX1+6iD0ALZqjZy0ANJEv+EZXoq30JtqeKA2qt61SdrHfJMoHdayjBFmh/pQWEi6QUhbpnXtUosg4JL5bbSqehV28Am78mBgu2txRHXW3BPaZUoRCl6Fsydcj8TiLbTyCqZ0lTdnr6eZbeyZAjpD+lzi5qxVUhjl+gcLqYTzq3QPkWzmBcO2UP3/wwxHJKvbIYQuTr/hFCN48uYGJH8YxAbFayarPf6Nlrnu8l4CpBWKVfMFfOO7SLhMXYF5J05jr/6ct3wVQBDzWPkR1YrxyAbXMksWo43VvATExtHPlJ7R2Ttvlf0VQunpHyPvu/w+47FbBTiMlTC/4sX4DYyNdkGH0nRu4wXPxn6yzWEJNwq5OSFi/0hVNJZzaiV0cpjy1IGmDEYKPsv+0i2Cw+qHYXX46fjV1KVJpTqG7e+X1BP+FXCyekSIV/3oQ85bnLp0T2YVhH4PCrtK8wX6oBTFpyd4Y3CcjSwolx+rcBOqfDlApaQFVu9XFGbpQRkEUZcYqHLNWxhT87hTNyggjTvqIhdysRA8hgjxABNUpN/BjxrtuwWWTNWmTmziLTXboNQr0Fi6ah3R+85zdXHuEieqvzYkNC2eHoVwZH3a0vyjnQyAE8GLWmaw7cCFJ0peEoQZNWEZrwhEqKdFZc/ihzNp/BcKlCjQzMyYax9VeP1FgGUGE+hhq9CXuuoVeWg8IyNu/fiX75L385L9W42AfB3UTbt9Ay2jF5lFZXl2pPedCVKtVEyRrQF1MT+/+GgBmySZPP0D45k9Wij7DK4Fuph/zMsIffOFZ8fyuzxhlG5TBH2XxXJj6i6ZIGhTv4u6Etd0pjlJaLwTg2iHqGpaZrN68ysCp/s+WXe0MUjNHdqZHwYUdXNn05qNWG8BQOI7kDAKcN78D+tjPx8He9eKB+7r00oR/UiBKPSPmJs5ySABX7c/Bct4RPrQu0/DXcSXZTJNfnl+HNOHaU6l 4Sj4bwcI 2cDHHtyIZK46Bb8I9PdwWhweCGedwa/95nrB8TGkZuWLn7k5miEfP4B1bxDfUKppSYuwvL0sfbVruRfWRI2BKgA+mI7JbsRS41W+MEFa1TAfoe/mLgCPLnqTO5zeYwgBgbdbfyNDRY2HtIuFzDYWBz3xotsMQVgDGWZcJmIcdhiQxHnsHDUhACEH9YAz45vdHKKFOXny+zzMviJRbj30y6PDGTOLWieVQel/JV/lsc0Ii8udcMXwl9SOWYlSh4/8bM45AmmJsD/B0Jx5DcO2iJiLEQFr9MHuO295jiLJ6e0DsB2QrkEpLY/FKN21zxYWjJlvg5Nyko9KGPacLnmN5fPSqWv9mLLbLQ7ZY X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Setting CR4.CET is a prerequisite for utilizing any CET features, most of which also require setting MSRs. Kernel IBT already enables the CET CR4 bit when it detects IBT HW support and is configured with kernel IBT. However, future patches that enable userspace shadow stack support will need the bit set as well. So change the logic to enable it in either case. Clear MSR_IA32_U_CET in cet_disable() so that it can't live to see userspace in a new kexec-ed kernel that has CR4.CET set from kernel IBT. Co-developed-by: Yu-cheng Yu Signed-off-by: Yu-cheng Yu Signed-off-by: Rick Edgecombe Reviewed-by: Kees Cook Acked-by: Mike Rapoport (IBM) Tested-by: Pengfei Xu Tested-by: John Allen Tested-by: Kees Cook --- v5: - Drop "shstk" from cpuinfo (Boris) - Remove capitalization on shadow stack (Boris) v3: - Add user specific shadow stack cpu cap (Andrew Cooper) - Drop reviewed-bys from Boris and Kees due to the above change. v2: - Remove IBT reference in commit log (Kees) - Describe xsaves dependency using text from (Dave) v1: - Remove IBT, can be added in a follow on IBT series. --- arch/x86/kernel/cpu/common.c | 35 +++++++++++++++++++++++++++-------- 1 file changed, 27 insertions(+), 8 deletions(-) diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c index 8cd4126d8253..cc686e5039be 100644 --- a/arch/x86/kernel/cpu/common.c +++ b/arch/x86/kernel/cpu/common.c @@ -600,27 +600,43 @@ __noendbr void ibt_restore(u64 save) static __always_inline void setup_cet(struct cpuinfo_x86 *c) { - u64 msr = CET_ENDBR_EN; + bool user_shstk, kernel_ibt; - if (!HAS_KERNEL_IBT || - !cpu_feature_enabled(X86_FEATURE_IBT)) + if (!IS_ENABLED(CONFIG_X86_CET)) return; - wrmsrl(MSR_IA32_S_CET, msr); + kernel_ibt = HAS_KERNEL_IBT && cpu_feature_enabled(X86_FEATURE_IBT); + user_shstk = cpu_feature_enabled(X86_FEATURE_SHSTK) && + IS_ENABLED(CONFIG_X86_USER_SHADOW_STACK); + + if (!kernel_ibt && !user_shstk) + return; + + if (user_shstk) + set_cpu_cap(c, X86_FEATURE_USER_SHSTK); + + if (kernel_ibt) + wrmsrl(MSR_IA32_S_CET, CET_ENDBR_EN); + else + wrmsrl(MSR_IA32_S_CET, 0); + cr4_set_bits(X86_CR4_CET); - if (!ibt_selftest()) { + if (kernel_ibt && !ibt_selftest()) { pr_err("IBT selftest: Failed!\n"); wrmsrl(MSR_IA32_S_CET, 0); setup_clear_cpu_cap(X86_FEATURE_IBT); - return; } } __noendbr void cet_disable(void) { - if (cpu_feature_enabled(X86_FEATURE_IBT)) - wrmsrl(MSR_IA32_S_CET, 0); + if (!(cpu_feature_enabled(X86_FEATURE_IBT) || + cpu_feature_enabled(X86_FEATURE_SHSTK))) + return; + + wrmsrl(MSR_IA32_S_CET, 0); + wrmsrl(MSR_IA32_U_CET, 0); } /* @@ -1482,6 +1498,9 @@ static void __init cpu_parse_early_param(void) if (cmdline_find_option_bool(boot_command_line, "noxsaves")) setup_clear_cpu_cap(X86_FEATURE_XSAVES); + if (cmdline_find_option_bool(boot_command_line, "nousershstk")) + setup_clear_cpu_cap(X86_FEATURE_USER_SHSTK); + arglen = cmdline_find_option(boot_command_line, "clearcpuid", arg, sizeof(arg)); if (arglen <= 0) return; -- 2.17.1